ZeroPoint Risk Research, LLC

Archive for the ‘- Tales of a Social Engineer Series’ category

It has been almost two years since I concluded my initial series of blog entries on “Tales of a Social Engineer” (  In that intervening period, it was my hope obsessive longing that data breaches precipitated by social engineering would be curtailed.  It was my hope potentially misguided expectation that there would be calls to [...]

Over the last five weeks I have touched upon several examples of control breakdown which have often left me bewildered and, in fact, saddened.  I do not relish seeing or hearing about events occurring as a result of social engineering which could have easily been avoided.  How often have you heard or seen a news [...]

One traditional methodology for social engineering includes telephone attacks.  Let me describe for you a small-scale example of a phone attack that I utilized with another one of my former clients. I asked my client to provide me with a listing of employees to be utilized as a possible sample population for telephone attack testing.  [...]

Security cameras, by their very nature, are detective controls.  I am more a fan of preventative controls, but a mix of the two is important to provide an adequate control environment to an organization.  When implementing cameras, it is not just as simple as adding the hardware and defining a process for monitoring the footage.  [...]

No…I am not talking about Sgt. Pepper and his Lonely Hearts Club Band.  Though, that will always be, in my humble opinion, one of the greatest albums (can we still use that word today?) of all time. Rather, I am talking about art theft.  Today, 3/18/10, marks the 20th anniversary of the (unsolved) theft of [...]

My past social engineering and physical security penetration experiences have proven to me that it can be rather easy to get past any building’s security/guard station and onto an elevator.  But once there, you are not necessarily home free.  Often, floors in office buildings have locked doors secured with badge readers.  There are many available [...]

When performing social engineering projects, the physical security components often involve taking the time to observe traffic patterns and other key factors such as guard change patterns, who stands where, etc.  One of my past clients has a building with a very expansive lobby with tables and arm chairs that could be utilized as a [...]

Social engineering, as listed in the Merriam-Webster online dictionary, can be defined as follows: “…management of human beings in accordance with their place and function in society…” Today’s news reports, books, blogs, and various other forms of media describe specific events where social engineering is utilized to perform illegal, unauthorized, or fraudulent activities.  This may [...]
